<?php
/**
 * admincp.php
 */

define('IN_ADMIN', TRUE);
define('NOROBOT', TRUE);
require_once './include/common.inc.php';
include(SITE_ROOT.'uc_client/client.php');
//$_COOKIE[$cookiepre.'sdadmin'] = !empty($_GET[$cookiepre.'sdadmin']) ? str_replace("@", "+",$_GET[$cookiepre.'sdadmin']) : $_COOKIE[$cookiepre.'sdadmin'];
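/*
 * Admin control-panel dispatcher.
 *
 *  - action=login / action=logout: set or clear the 'sdadmin' cookie.
 *  - otherwise, with an 'sdadmin' cookie: re-authenticate the admin against the
 *    admin table, write an audit-log line, enforce the group's disabled-action
 *    list and include the whitelisted admin/<action>.inc.php module.
 *  - otherwise: render the login template.
 *
 * Relies on globals set up by common.inc.php ($db, $tablepre, $cookiepre,
 * $action, $op, $timestamp, $ip, $creatorarr).
 *
 * NOTE(review): open security debt that cannot be fixed inside this file alone:
 *  - passwords are stored and compared as unsalted MD5; migrate to
 *    password_hash()/password_verify() with a rehash-on-login path;
 *  - the cookie carries the stored password hash, so a leaked cookie or a leaked
 *    admin table row is equivalent to the credential; a random server-side
 *    session token would avoid that;
 *  - the uc_authcode() key is a constant in source; it should be a per-install secret;
 *  - no throttling of failed logins is visible here.
 */
if(in_array($action, array('login', 'logout'), true)) {
	switch ($action)
	{
		case 'login':
			// Drop any existing admin cookie before evaluating the submitted credentials.
			s_setcookie('sdadmin', '', -86400);
			// is_string() rejects array-valued fields (username[]=...) that md5() and the
			// string interpolation below cannot handle.
			if(!empty($_POST['password']) && !empty($_POST['username'])
				&& is_string($_POST['password']) && is_string($_POST['username'])) {
				$name = $_POST['username'];
				$pass = md5($_POST['password']);
				// $name is request data placed inside a quoted SQL literal, so it must be
				// escaped; $pass is a hex digest and is safe as is.
				// NOTE(review): addslashes() is a stopgap and is not charset-aware. Switch to
				// the DB layer's own escaping or prepared statements, and confirm that
				// common.inc.php does not already slash-escape $_POST.
				$sqlname = addslashes($name);
				$query = $db->query("SELECT id FROM {$tablepre}admin WHERE name='$sqlname' AND pass='$pass'");
				$isfounder = $db->num_rows($query);

				if($isfounder == 1) {
					s_setcookie('sdadmin', uc_authcode($name."\t".$pass, 'ENCODE', 'ipple'), 0);
					$administrator = $db->fetch_first("SELECT groupid FROM {$tablepre}admin WHERE name='$sqlname' AND pass='$pass'");
					showmessage('登录成功', 'admincp.php?action=default');
				}else {
					s_setcookie('sdadmin', '', -86400);
					showmessage('登录失败');
				}
			}
			break;

		case 'logout':
			s_setcookie('sdadmin', '', -86400);
			showMessage('退出成功', 'admincp.php');
			break;
	}
}
elseif(!empty($_COOKIE[$cookiepre.'sdadmin']) && is_string($_COOKIE[$cookiepre.'sdadmin']))
{
	// The cookie decodes to "<name>\t<md5 hex>". array_pad() keeps list() from reading
	// a missing element when decoding fails and returns an empty string.
	$decoded = (string) uc_authcode($_COOKIE[$cookiepre.'sdadmin'], 'DECODE', 'ipple');
	list($name, $pass) = array_pad(explode("\t", $decoded), 2, '');

	$administrator = array();
	// Cookie contents are client-controlled even after decoding: accept only a
	// 32-char lowercase hex digest (what md5() produced at login) and escape the
	// name before it reaches the query.
	if($name !== '' && preg_match('/^[a-f0-9]{32}\z/', $pass)) {
		$sqlname = addslashes($name);
		$administrator = $db->fetch_first("SELECT id, name, editor, groupid, grouptype, grouptitle FROM {$tablepre}admin WHERE name='$sqlname' AND pass='$pass'");
	}

	if(!empty($administrator))
	{
		// Audit log of admin operations (everything except the 'default' and 'logs' views).
		// NOTE(review): GET/POST are logged wholesale apart from the submit/action keys;
		// check that modules handling credentials do not leak them into cplog.
		require_once SITE_ROOT.'admin/cpanel.share.php';
		if(!empty($action) && !in_array($action, array('default', 'logs'))) {
			$extralog = implodearray(array('GET' => $_GET, 'POST' => $_POST), array('dosubmit', 'addsubmit', 'delsubmit', 'editsubmit', 'action'));
			$extralog = trim(str_replace(array('GET={};', 'POST={};'), '', $extralog));
			$extralog = $action == 'cache' ? '' : $extralog;
			writelog('cplog', implode("\t", clearlogstring(array($timestamp,$administrator['name'],$administrator['id'],$ip,$action,$extralog))));
			unset($extralog);
		}

		// Strict whitelist: $action is later concatenated into an include path, so only
		// exact string matches may pass.
		if(in_array($action, array('login', 'default', 'shop', 'category', 'content', 'comment', 'recommend', 'recommendlist', 'recomhtml', 'html', 'cache', 'user', 'block', 'upload', 'logs', 'special', 'admingroup', 'work', 'cron'), true))
		{
			// Accounts listed in $creatorarr bypass the per-group restrictions.
			if(!in_array($administrator['id'],$creatorarr)){
				$groupcache = SITE_ROOT.'data/cache/admingroup_'.$administrator['groupid'].'.php';
				$cacheloaded = (include_once $groupcache) ? true : false;
				if(!$cacheloaded){
					// Cache file missing: rebuild every admin-group cache from the database.
					require_once SITE_ROOT.'./include/cache.func.php';
					$query = $db->query("SELECT a.*,aa.disabledactions FROM {$tablepre}admingroups as a LEFT JOIN {$tablepre}adminactions AS aa ON a.admingid = aa.admingid");
					while($data = $db->fetch_array($query)) {
						writetocache($data['admingid'], '', getcachevars($data), 'admingroup_');
					}
					// Load the rebuilt file now so the restrictions apply to this request as
					// well; before, the check below ran against an undefined $disabledactions.
					// NOTE(review): assumes writetocache() writes to $groupcache - confirm.
					$cacheloaded = is_file($groupcache) && (include $groupcache);
				}

				// Fail closed: if the group's restriction list cannot be loaded or parsed,
				// deny the request instead of treating the admin as unrestricted.
				$denied = !$cacheloaded;
				$dactionarr = array();
				if($cacheloaded && isset($disabledactions) && is_string($disabledactions) && $disabledactions !== '') {
					// NOTE(review): unserialize() is acceptable only while this value comes
					// solely from the server-written cache; never feed it request data.
					$unserialized = unserialize($disabledactions);
					if(is_array($unserialized)) {
						$dactionarr = $unserialized;
					} else {
						$denied = true;
					}
				}

				// Restrictions are keyed "<action>" or "<action>_<op>".
				$daction = (isset($op) && $op != '') ? $action.'_'.$op : $action;
				if($denied || in_array($daction,$dactionarr)) {
					include admin_tpl("daction");
					exit;
				}
			}
			// Safe to build the path from $action: it matched the whitelist above.
			require_once SITE_ROOT.'admin/'.$action.'.inc.php';
		}
		else
		{
			showmessage("非法操作", "admincp.php?action=default");
		}
	}
}
else
{
	include admin_tpl("login");
}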
?>